- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Epsilon hack: Notification letters
Let's start with Epsilon's notification:
Epsilon notifies clients of unauthorized entry into email system
IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
Important information from McKinsey Quarterly
We have been informed by our email service provider, Epsilon, that your email address was exposed by unauthorized entry into their system. Epsilon sends e-mails on our behalf to McKinsey Quarterly users who have opted to receive email communications from us.
We have been assured by Epsilon that the only information that was obtained was your first name, last name and email address and that the files that were accessed did not include any other information. We are actively working to confirm this. We do not store any credit card numbers, social security numbers, or other personally identifiable information of our users, so we can assure you that no such information was accessed.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. Also know that McKinsey Quarterly will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if you are ever asked for this information, you can be confident it is not from McKinsey.
We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
If you have any questions or concerns, please contact McKinsey Quarterly at email@example.com. For any media inquiries, please contact Humphrey Rolleston at +1-212-415-5321.
Senior Managing Editor
McKinsey & Company
An important announcement for Brookstone email customers
Dear Valued Brookstone Customer,
On March 31, we were informed by our email service provider that your email address may have been exposed by unauthorized entry into their system. Our email service provider deploys e-mails on our behalf to customers in our email database.
We want to assure you that the only information that may have been obtained was your first name and email address. Your account and any other personally identifiable information are not stored in this system and were not at risk.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
In keeping with best industry security practices, Brookstone will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, Brookstone.com.
Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Brookstone Customer Care
Kroger.com FAQ on what happened
We were notified and became aware of unauthorized access to our email list by someone outside our company. We want to assure you that the only information that was obtained were names and email addresses. Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously.
--How will this affect you?
In many cases, it won't. Only names and email addresses were taken, and all other customer information is secure. You may receive some unsolicited emails (spam) as a result of this incident. Kroger wants to remind you not to open emails from senders you do not know.
Also, Kroger would never ask you to email personal information, such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted.
Why did you receive notification on this incident?
The reason we are going directly to you with this news is because we think it's the right thing to do for you, a valued Kroger Customer. As a company, we believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident.
--What we are doing for the future security?
Let us reassure you that we are taking necessary steps to safeguard your personal information. You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident.
Additionally, we have taken steps to minimize this type of exposure in the future. We will continue to take all appropriate measures to keep your personal information secure at Kroger.
--Does this affect my 1-2-3 Rewards Mastercard account?
1-2-3 Rewards Mastercard account information is completely secure and was unaffected by the breach. Only names and email address information were taken.
--Is my personal or financial information at risk?
No, only names and email address were taken. All other customer information is secure. See "How will this affect you?" for further details.
--Can I be taken off your email list?
To remove your email address from our email list, please sign into your online account, select Email Subscriptions and remove any marked selections.
--Do I need to do anything?
The appropriate authorities have been engaged and we have taken measures to minimize this type of exposure in the future. No further action is required on your part.
Expect to see a lot more of these letters, because Epsilon has a lot of big-name customers, including JP Morgan Chase, Visa, Kraft, Citibank and Marriott International.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Continuous Monitoring and Mitigation -- the New InfoSec Frontier
- RSA Security Analytics Case Study
- VMware Cloud Credits Program
- Insights from the 2013 IBM Chief Information Security Officer Assessment
- Cloud-based Cyber Security: A Hybrid Approach to Threat Detection and DDoS Mitigation IDC Technology Spotlight
- How Identity and Access Intelligence Will Revolutionize IAM
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- Global IT Trends: IT Outsourcing Fuels Business Growth
- Defending Against Increasingly Sophisticated Cyber Attacks
- Rethinking Your Enterprise Security - Critical Priorities to Consider